10 research outputs found

    BYOD Security Policy Compliance Framework

    Bring Your Own Device (BYOD) is an environment that allows employees to use their own personal device to access organisation’s resources to perform their work, but it has raised some security concerns as with BYOD, organisations face bigger challenges to safeguard their information assets. Compliance with ISP is a key factor in reducing organisation’s information security risks, as such, understanding employees’ compliance behaviour and other relevant factors that influence compliance with ISP is crucial. Hence, this study aims to explore this phenomenon by investigating the factors influencing employees in complying with BYOD Information Security Policy (ISP) in Malaysian public sector. A mixed method study on five (5) ministries in the public sector is proposed for the study. The understanding of these factors would assist in systematically developing a BYOD compliance framework for the public sector. This is critical as this trend is here to stay or even expand rapidly as employees carry more than one device to the workplace. The proposed framework will help improve ISP compliance to ensure organisational information assets are well protected

    Socio-technical mitigation effort to combat cyber propaganda: a systematic literature mapping

    This systematic mapping literature aims to identify current research and directions for future studies in terms of combating cyber propaganda in the social media, which is used by both human effort and technological approaches (socio-technical) for mitigation. Out of 5176 retrieved articles, only 98 of them were selected for primary studies; classified based on research artifacts, mitigation effort, and the social media platforms involved in the research. The search was conducted using selected databases and applying selection criteria set for this research. Through the analysis, important research trends were identified based on human effort and technological approaches in mitigating and combating the cyber-propaganda issues. The authors also identified various mitigation socio-technical approaches such as identification, detection, image recognition, prediction, truth discovery and comprehension of rumours flow. The study also highlights areas for further improvements, to complement the performances of existing techniques. Besides, the study provides a brief review of cyber propaganda detection using classification techniques. Hence, it has set forth applicable research focus on the areas dealing with the mitigation of risk borne by cyber propaganda in the social media

    Information systems security management maturity model for electronic commerce small medium industries and enterprises (smi/e) using technology, organization and environment framework / Azah Anir Binti Norman

    Today, the Information Systems Security Management (ISSM) maturity framework has been recognized and accepted by businesses globally. This ISSM maturity phenomenon has shifted many business perspectives on the importance of security management towards business information systems. The development of current ISSM maturity framework, based on tried-and-true practices by security experts, have also expanded many issues in the IS research scenario among which are: (i) lack of flexible framework: the current framework developed and designed to suit brick and mortar traditional business, but not for e-commerce that has a volatile structure; (ii) lack of theory supported framework: the current ISSM framework is developed using tried-and-true practices of experts’ experiences rather than based on accepted theories. The main objective of this research is to address these two issues. The research aim is to construct an ISSM maturity model to suit e-commerce using Technology, Organization and Environment (TOE) framework, DeLone and McLean Information System (IS) Success Factors, Diffusion of Innovation Theory (DOI) and Ein-Dor Organizational Factors. The IS theory, IS model, IS framework and IS organization factors were selected to help develop a flexible and theoretically-based ISSM maturity model for the benefit of Small Medium Industries/Enterprises (SMI/Es) that are involved in e-commerce.
This study employs a mixed-method research using the sequential mix-method procedure to predict the conceptual relationship: (i) the research quantitative phase adopts a Structural Equation Modelling (SEM) technique using Partial Least Square (PLS) method, (ii) semi-structured interviews with the selected Small Medium Industry/Enterprise (SMI/E) business Chief Executive Officers (CEOs) and business owners that are involved in e-commerce. The results show high reliability of predicted variables with minimal reading of reliability score of more than 0.85, displaying Average Variance Extracted (AVE) exceeding 0.5, indicating adequate convergent validity of all the predicted variables developed in the conceptual framework. The predicted relationship was proved to be significant with the score of 50.4% showing the high influences of latent variables discussed in this ISSM maturity research. The findings show three significant influences in ISSM maturity in e-commerce (i) technology which are the technology usage, compatibility, complexity, relative advantage and technology availability, (ii) organization including the human resources, formal and informal linking structures and the communication process and (iii) the environment of which consisted of user satisfaction, government regulations, technology support characteristics, industry characteristics and market structure. Based on both quantitative and qualitative results, four quadrants of ISSM maturity were presented. These quadrants were then organized to construct the ISSM maturity model.
The research contributes to the body of knowledge twofold: practically and academically whereby (i) the research contributed to the development of theoretically-based ISSM maturity model for SMI/E involved in the e-Commerce, and (ii) the research justified the theoretical consideration (based on the selected IS theory, IS framework, IS model and IS factors) which formed the conceptual research framework of this thesis. This research has successfully answered all research questions where it deduced the ISSM maturity factors and described the relationship between identified factors, hence conclusively building the ISSM maturity model

    Privacy and data protection in mobile cloud computing: A systematic mapping study.

    As a result of a shift in the world of technology, the combination of ubiquitous mobile networks and cloud computing produced the mobile cloud computing (MCC) domain. As a consequence of a major concern of cloud users, privacy and data protection are getting substantial attention in the field. Currently, a considerable number of papers have been published on MCC with a growing interest in privacy and data protection. Along with this advance in MCC, however, no specific investigation highlights the results of the existing studies in privacy and data protection. In addition, there are no particular exploration highlights trends and open issues in the domain. Accordingly, the objective of this paper is to highlight the results of existing primary studies published in privacy and data protection in MCC to identify current trends and open issues. In this investigation, a systematic mapping study was conducted with a set of six research questions. A total of 1711 studies published from 2009 to 2019 were obtained. Following a filtering process, a collection of 74 primary studies were selected. As a result, the present data privacy threats, attacks, and solutions were identified. Also, the ongoing trends of data privacy exercise were observed. Moreover, the most utilized measures, research type, and contribution type facets were emphasized. Additionally, the current open research issues in privacy and data protection in MCC were highlighted. Furthermore, the results demonstrate the current state-of-the-art of privacy and data protection in MCC, and the conclusion will help to identify research trends and open issues in MCC for researchers and offer useful information in MCC for practitioners

    A Review of Security Awareness Approach: Ensuring Communal Learning

    Users’ adherence to security policy, reduced internal security threats, appropriate security behaviour and a culture of security-aware users are among the results of an effective security awareness effort in an organisation. Generally, security awareness efforts are meant to change behaviour communally, however, most of them are actually focused on altering individual security behaviours. Thus, we conducted a systematic literature review on past research on security awareness approaches focusing on the delivery methods, program contents and theories used for the proposed security awareness program and whether they help in fostering communal change. Despite the importance of ensuring communal learning in security awareness approach, we found that only one of these studies applied an approach which promotes communal change in all four of their selected underlying theories, delivery methods and program content

    MyINS: A CBR e-Commerce Application for Insurance Policies

    This paper presents the design and development of an insurance policies recommender for prospect client. The main aims of MyINS are twofold. The first aim is to simplify the process for client in making decision base on the information recommended through this system. The second aim is to allow client to choose the insurance policy that is most suitable for them. MyINS models the reasoning process employed by insurance sale agent in proposing policy to the client using case-based reasoning algorithm (CBR). CBR, generally describe the process of solving current problems based on the proposed solution from similar past problems. MyINS works with a principle assumption that different client with different background will have different type of insurance plan suitable to each one of their needs. MyINS makes recommendation of insurance policies based on personal data and desired coverage of the policyholder from the similar past problems. Similarity assessment and demonstration of case library are also presented

    A comparative review of ISMS implementation based on ISO 27000 Series in organizations of different business sectors

    Organizations have different takes on Information Security Management Systems (ISMS) since security measurements vary according to their business relevance. One way to assure ISMS is being well-implemented is by having a standard compliance such as the ISO 27000 series. The ISO 27000 series is a family of standards that provides a framework for best practice ISMS that helps organizations keep their information assets secure. This paper intends to seek how organizations in different business sectors implement ISMS in their practices. By identifying which organization attains a higher number of ISO requirements, it is anticipated that the characteristics that increase the chances of an organization being certified can be distinguished. This paper reviews case studies regarding the ISMS implementation based on ISO 27000 series between organizations in different business sectors. The result of this paper presents the state of ISO compliance of the organizations. The findings also discussed the characteristics of organizations that are applicable for certification. Through the findings, it is found that the organization, which fulfilled the highest number of ISO requirement, has a stronger possibility of being certified. However, ISO standards should be more dynamic to support diverse business environment thus avoiding generalization to get compliance